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DETAILED ACTION 

Response to Amendment 

1. Applicant's amendments filed 11/16/2007 have been accepted and entered. It is 
noted that claims 1, 14 and 16 have been amended. As such claims 1-7, 9-14 and 16- 
22 are still pending. Applicant's amendments to the claims have overcome the 35 USC 
1 12 and it is therefore withdrawn. 

Response to Arguments 

2. Applicant's arguments filed 1 1/16/2007 have been fully considered but they are 
not persuasive. It is Applicant's assertion that the amendment recitation "wherein the 
authentication is based at least in part a determination that the observed behavioral 
pattern of the packets matches a pre-defined packet sequence" is not taught by either 
Kalajan or Teraoka. The Examiner respectfully disagrees. Kalajan disclose packets (see 
column 1 , line 50) which are well known in the art to include header, payload and trailer 
portions. As such the header and trailer portions of the Kalajan packets respectively 
contain, the packet's number distinguishing different packets based on a sequence 
number and the trailer portion contains checksum operation that ensures the received 
packet matches a predetermined value. Therefore, the Examiner believes Kalajan to still 
be relevant to Applicant's claimed invention. Moreover, it is Teraoka disclosure of 
packet header authentication (see column 7, lines 43-46; column 9, lines 16-23) which 
again is well known in the art for packet headers to contain information regarding the 
behavior, e.g. its sequence number. Therefore the Examiner believes this disclosure 
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meets Applicant's claim limitation and for at least these reasons the Examiner maintains 
the rejection of claims 1-7, 9-14 and 16-22. 

Claim Rejections - 35 USC § 103 
The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

3. Claims 1-7, 9- 14, and 16 - 22 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kalajan in US Patent No. 6202156 (hereinafter US '156) further in 
view of Teraoka in US Patent No. 6009528 (hereinafter US '528). 

4. For claim 1 , and similar independent claims 1 4 and 1 6, US '1 56 discloses: 
A method for network security comprising: 

receiving a request from a remote address at a host; 

observing a behavioral pattern of packets associated with the request; 

authenticating the remote address based on the behavioral pattern of the 
packets associated with the request; and 

enabling access to the host by the remote address for a configurable time 
period if the remote address is authenticated; (see Abstract; Figure 1; column 1, 
lines 35 - 63, 65 - column 2, lines 1 - 10, 29 - 34, 37 - 43, 50 - 58: process of 
validating access request..., 60 - 65: time period...; column 6, lines 47 - 51 : packet 
observation...) but does not expressly disclose wherein the authentication is based at 
least in part a determination that the observed behavioral pattern of the packets 
matches a pre-defined packet sequence. 
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Teraoka however in US '528 teaches wherein the authentication is based at least 
in part a determination that the observed behavioral pattern of the packets matches a 
pre-defined packet sequence (see Abstract; column 7, lines 43-46: authentication 
information is in the packet header; column 7, lines 53 - 58: packet header contents; 
column 9, lines 16-23: packet header authentication). 

Kalajan and Teraoka are analogous art because they are from the same problem 
solving areas (enhancing the security of communication on a network). At the time of 
the invention, it would have been obvious to a skilled artisan to modify the method of 
packet authentication of Kalajan such "that it would be based at least in part a 
determination that the observed behavioral pattern of the packets matches a pre- 
defined packet sequence" such as packet header authentication as in Teraoka. The 
motivation for doing so would have been to enhance network security. 

For claim 2, and similar claim 17, US '156 teaches: 
A method for preventing network discovery of a system services configuration as recited 
in claim 1 further including preventing a response from being sent to the remote 
address, (see column 1 , lines 36 - 37; column 3, lines 1 7 - 20) 

For claim 3, and similar claim 18, US '156 discloses: 
A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein receiving a request from a remote address at the host further 
includes receiving a probe, (see column 2, lines 42 - 43; column 4, lines 41 - 43, 58 - 
61) 

For claim 4, and similar claim 19 US '156 discloses: 
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A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein observing a pattern associated with the request further includes 
recording data received at the host, (see column 4, lines 33: firewall; column 6, lines 47 
-56) 

For claim 5, and similar claim 20, US '156 teaches: 
A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein observing a pattern associated with the request further includes 
matching the pattern to a list, (see column 4, lines 1-11) 

For claim 6, US '156 teaches: 
A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein observing a pattern associated with the request further includes 
recording a sequence, (see column 4, lines 1 - 1 1 , 35 - 39 and 54 -61 ) 

For claim 7, and similar claim 21 US '156 teaches: 
A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein authenticating the remote address based on the pattern associated 
with the request further includes comparing the pattern to a list, (see column 4, lines 1 - 
11 and 54-61) 

For claim 9, and similar claim 22 US '156 discloses: 
A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein authenticating the remote address based on the pattern associated 
with the request further includes preventing a response being sent to the remote 
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address if the remote address fails to authenticate, (see column 4, lines 62 - 65: 
blocked by firewall; column 5, lines 53 - 56) 

For claim 10, US '156 teaches: 
A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein authenticating the remote address based on the pattern associated 
with the request further includes denying access to the host if the remote address fails 
to authenticate, (see column 5, lines 53 - 56 and 65 - column 6, lines 1-7) 

For claim 1 1 , US '156 teaches: 
A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein authenticating the remote address based on the pattern associated 
with the request further includes sending a message to the remote address if the 
request fails to authenticate, (see column 5, lines 53 - 56 and 65 - column 6, lines 1-7) 

For claim 12, US '156 discloses: 
A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein enabling access to the host by the remote address further includes 
providing access for a configurable amount of time, (see column 2,, lines 61 - 64 and 
column 4, line 66 - column 5, lines 1 - 4) 

For claim 13, US '156 discloses: 
A method for preventing network discovery of a system services configuration as recited 
in claim 1 wherein enabling access to the host by the remote address further includes 
implementing a handshake between the remote address and the host, (see column 4, 
lines 54 -58) 
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Conclusion 

5. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to LAUREL LASHLEY whose telephone number is 
(571)272-0693. The examiner can normally be reached on Monday - Thursday, alt 
Fridays btw 7:30 am & 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, Jr. can be reached on 571-272-3799. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
/L LJ 

Laurel Lashley 
Examiner 
Art Unit 2132 

13 February 2008 

/Gilberto Barron Jr./ 

Supervisory Patent Examiner, Art Unit 2132 



